Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
452
Views
0
Helpful
4
Replies

Command accounting with ACS

jain.nitin
Level 3
Level 3

‎07-08-2009 09:44 AM - edited ‎03-10-2019 04:34 PM

HOw can I achive command accounting via acs I have configured devices as below but no luck

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa

any idea about it

Labels:
0 Helpful
4 Replies 4

Jagdeep Gambhir
Level 10
Level 10

‎07-08-2009 10:12 AM

Hi,

Command accounting only works with tacacs and not with radius. Make sure bwaaa is set up as tacacs.

These logs are stored in tacacs administration report, so make sure you are checking the correct head.

Still it is not working then check acs code. Incase it is 4.1.1 then you need to apply patch 5 to fix it.

To download patch for appliance,

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

For windows

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Regards,

~JG

Do rate helpful posts

0 Helpful

jain.nitin
Level 3
Level 3
In response to Jagdeep Gambhir

‎07-08-2009 10:51 AM

Hi, I am using 4.2 version appliance. I am using tacacs+ u can s below config for your reference

aaa new-model

aaa group server tacacs+ bwaaa

server 10.2.6.1

server 10.2.6.2

ip tacacs source-interface Vlan1111

!

aaa authentication login aaa-list group bwaaa local

aaa authentication enable default group bwaaa enable

aaa authorization exec aaa-list group bwaaa local

aaa accounting exec aaa-list start-stop group bwaaa

aaa accounting commands 1 aaa-list start-stop group bwaaa

aaa accounting commands 15 aaa-list start-stop group bwaaa

aaa accounting system default start-stop group bwaaa

!

aaa session-id common

tacacs-server host 10.2.6.1 timeout 25

tacacs-server host 10.2.6.2 timeout 25

tacacs-server timeout 25

tacacs-server directed-request

tacacs-server key cisco123

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to jain.nitin

‎07-08-2009 12:06 PM

As stated in other post, try it without any method list and get the debugs

debug aaa accounting

debug tacacs

Did you check tacacs administration logs??

0 Helpful

jain.nitin
Level 3
Level 3
In response to Jagdeep Gambhir

‎07-09-2009 11:12 AM

HI It worked when I did not use any method list with the default list it works.. I dont understand why it is not working with my defined list...is there any other procedure to define method list..

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents